Saturday, March 23, 2013

The nc command is different from the netstat command. It is part of the netcat utility and is used to open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, and scan ports; it handles both IPv4 and IPv6.

Common uses of this command include:

·Checking simple TCP proxies

·Use in shell-script based HTTP clients and servers

·Network daemon testing

·A SOCKS or HTTP ProxyCommand

Practical Uses

Some practical uses of this command are as follows.

1. Open a TCP connection to port 42 of my.home.org, using port 31447 as the source port, with a timeout of 5 seconds:

$ nc -p 31447 -w 5 my.home.org 42

2. Open a UDP connection to port 53 of my.home.org:

$ nc -u my.home.org 53

3. Open a TCP connection to port 42 of my.home.org, using 10.1.2.3 as the IP for the local end of the connection:

5. The same example again, this time enabling proxy authentication with username user1:

$ nc -x10.2.3.4:8080 -Xconnect -Puser1 my.home.org 42

Other uses of the nc command are as follows:

PORT SCANNING

It is useful to check which ports are open and which services are running on a target machine. The -z flag tells nc to report open ports rather than initiate a connection. For example:

$ nc -z host.example.com 20-30

Connection to host.example.com 22 port [tcp/ssh] succeeded!

Connection to host.example.com 25 port [tcp/smtp] succeeded!

On an Ubuntu machine you need to specify the protocol: use the -t option for TCP and the -u option for UDP.

20-30 is the port range we want to scan. It can also be useful to know which server software is running and in which version. This information is often contained in greeting banners. To retrieve them, first make a connection and then break it once the banner has been received. This can be done by specifying a small timeout with the -w flag or by issuing a "QUIT" command to the server.
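As an added illustration, not part of the original post: the connect-then-break procedure described above (the -z check followed by a short -w read of the greeting) written with Python sockets. It runs against a constructed local stand-in server instead of a real host, and every name and banner in it is the example's own assumption.

```python
import socket
import threading


def start_banner_server(banner: bytes) -> int:
    """Constructed stand-in for a real service (not a live host): listens on a
    loopback ephemeral port and greets each client with `banner`, like an SMTP
    server's 220 line. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_loopback_port() -> int:
    """Bind and immediately release an ephemeral port so it is known to be closed."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def probe(host: str, port: int, timeout: float = 1.0) -> dict:
    """What `nc -z` plus a short `-w` does: connect, read whatever greeting
    arrives before the timeout, then drop the connection."""
    result = {"port": port, "open": False, "banner": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["open"] = True
            s.settimeout(timeout)
            try:
                result["banner"] = s.recv(1024).decode(errors="replace").strip()
            except socket.timeout:
                pass  # open port, but the service waits for the client to speak first
    except OSError:
        pass  # refused, unreachable or timed out: reported as closed
    return result


def scan(host: str, ports, timeout: float = 1.0) -> list:
    """Probe each port in turn, like `nc -z host 20-30`."""
    return [probe(host, p, timeout) for p in ports]
```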

TALKING TO SERVER

It is useful to talk to servers to see what data a server sends in response to commands issued by the client. For example, to retrieve the home page of a web site:

$ printf "GET / HTTP/1.0\r\n\r\n" | nc host.example.com 80

(printf is used here rather than echo -n so that the \r\n escapes are interpreted by every shell.)

Note that this also displays the headers sent by the web server; they can be filtered out if needed. More complicated examples can be built when the user knows the format of the requests required by the server. As another example, an email may be submitted to an SMTP server using:

$ nc [-C] localhost 25 << EOF
HELO host.example.com
MAIL FROM:<user@host.example.com>
RCPT TO:<user2@host.example.com>
DATA
Body of email.
.
QUIT
EOF

DATA TRANSFER

The example in the previous section can be expanded to build a basic data transfer model. Any input fed into one end of the connection is output at the other end, so input and output can easily be captured to emulate a file transfer.

We can use the nc command to listen on a specific port and capture the received data into a file:

$ nc -l 1234 > nccommand.out

Now, from a second machine, connect to the listening nc process and feed it the file to be transferred.

It is very easy to create a client/server model using the nc command. The steps are as follows:

Step 1: On one console, start nc listening on a specific port for a connection, e.g.

$ nc -l 1235

nc is now listening on port 1235 for a connection.

Step 2: On a second console (or a second machine), connect to the machine and port being listened on (here we use a second console on the same machine):

$ nc 127.0.0.1 1235

Now a connection exists between the two ends. Anything typed at the second console is sent to the first and vice versa. The connection can be terminated with an EOF character. Once the connection is established, nc does not care which machine is acting as the server and which as the client.